We're just shouting into the void, says US watchdog offering cybersecurity advice

Since coming into office two years ago, the Biden Administration has made the cyber defenses of US government agencies – as well as the private sector – a key focus. However, the US Government Accountability Office (GAO) – Congress' auditing and investigative arm – says that since 2010, it has made about 335 cybersecurity …

  1. Anonymous Coward

    Janus.....The God Of Facing Both Ways At Once!!!

    The GAO spake thusly: "A full-scale quantum computer has the potential to break standard encryption technologies, creating a major information security risk. As a result, the federal government's cybersecurity infrastructure will need to evolve to address this threat."

    But of course the friendly folk at Fort Meade are investing heavily to build "a full-scale quantum computer".......so that the friendly folk at Fort Meade can break the "cybersecurity infrastructure" of anyone else.

    Your taxpayer dollar at work.....we are the good guys....it's those others who are a threat!

    What....cynical......moi?

    1. Version 1.0 Silver badge
      Facepalm

      Re: Janus.....The God Of Facing Both Ways At Once!!!

      Look at the way the government works, we're going to "ban" all these cybersecurity attacks and we think it will help us?

      But look at how things have gone with the government's "drug war" to fight everyone who used to just smoke and snort a little 40 years ago ... the drug war has vastly increased drug consumption and the dealers are now making vastly more money from drugs while making drugs far worse than they ever were. Are we seeing the same events now with cybersecurity - I'm seeing my daily malware detections going way up all the time ... will the cybersecurity way be as effective as the drug war?

  2. Neil Barnes Silver badge
    Coat

    Pointer to void?

    Sounds like a security risk...

    The one with, er, empty pockets --->

  3. Anonymous Coward

    Don't Use Service Providers.....They Might Be Compromised.....

    Quote: ".....break standard encryption technologies...."

    So....my buddies and I are using D/H with a 60,000 bit safe prime. You know.....peer-to-peer across Gmail......

    Ah!!.....no Signal, no Telegram.......just a nice simple D/H application which we wrote and we control.......

    Are we using RSA....or IDEA....or AES.....or samba20? That's for us to know....and for the snoops to find out....

    Good luck with "standard encryption technologies"......

    1. Kevin McMurtrie Silver badge
      Facepalm

      Re: Don't Use Service Providers.....They Might Be Compromised.....

      The Register "Post anonymously" feature. The most secure and unbreakable anonymizer in the universe.

      1. Anonymous Coward

        Re: Don't Use Service Providers.....They Might Be Compromised.....

        @Kevin_McMurtrie

        Yo!! Kevin!! There are multiple people with your name on LinkedIn.........which one are you? Glasgow? Sunnyvale? Atlanta? Somewhere else?

        I'm AC..............look up Edward Teach...... In Bermuda? In North Carolina?..... Dead? ....or what?

        Is your "anonymizer" better than mine? I'm sure you will let us all know!!

  4. Paul Hovnanian Silver badge
    Big Brother

    Advice

    Here's your PRISM chip. Enjoy your secure computing.

  5. Claptrap314 Silver badge
    Mushroom

    Step 1: UNPLUG

    Seriously. How in the 4377 is the Fed government using the likes of Solar Winds for systems with sensitive information in the first place?

    Doubtlessly, as our government is supposed to be "for the people", there is a need for a LOT of information to be made public. But NONE of that should have any ability to feed back into the actual backend systems that store & process the data. AND--those back end systems have no need to be on the public internet at all.

    But when Hillary Clinton is your model for handling secure data (looking at YOU, Trump...Biden...Pence...???), I guess it's unreasonable to expect even the most basic rule to be taken seriously, let alone be implemented.

  6. ecofeco Silver badge

    Same old same old

    Everyone I know who works in ITSec has been saying this for.. damn, how long now? 10 years?

    1. DougMac

      Re: Same old same old

      It has been 35 years since the Morris Worm (1988).

      I'd say that was one of the first wake up calls that security is important and should be followed.

  7. Anonymous Coward

    Update firmware? But the manufacturer doesn’t support that model any more. Buy a new one!

    Critical infrastructure covered by public funding? No budget for that!

    Private operations threatened? Meh, it’ll never happen to me.

    It’s compounded by the “Next” device supposed to provide cover inevitably being broken within weeks of launch; thus living with existing risk and Swiss cheese models is order of the day. It cost, much pain, little gain.

    The only way to force the issue is a knee jerk response to an actual attack on something important.

    1. HammerOn1024

      "Critical infrastructure covered by public funding? No budget for that!"

      And we you have it in one!

      Dear US Congress,

      Write an actual BILL, shocking I know since you only do "continuing resolutions" these days since you are so inept, that allocates FUNDS specifically to implement Cyber Security! I believe that bill would be a whopping three lines long.

      And yes, you are, Congress, a bunch of village idiots.

      1. Anonymous Coward

        It's worse than that. Often, the mandates are one-size-fits-none insanities that no one in the private sector does, even so-called "security" companies. Or there are so many competing mandates that there isn't time to get anything done, and mandatory reporting on what you aren't doing takes up all your time to actually implement anything.

        335 "recommendations"? NIST SP 800-53 has fewer controls than that for a LOW enclave. It's a huge deal to actually write and implement a plan to address each NIST SP 800-53 control, and those tend to be (mostly) well thought out.

        The whole supply chain management requirements are precisely what causes government shops to be so incredibly slow about adoption of standard tools or pivoting away from tools that are no longer a good idea -- because the review process is so burdensome.

  8. Anonymous Coward

    "Cybersecurity Advice" -- Privacy? Security? Keys? Fingerprints? "Safe Primes?" AES? IDEA?? samba20?

